TDSSserv Trojan malware: How I found and deleted it

My PC was infected by the TDSSserv Trojan malware yesterday.  It was the most difficult virus that I have battled with, however this is how I finally deleted it.

In summary, I finally deleted the TDSSserv Trojan by using the excellent MalawareBytes anti malware software, however I had to follow a set routine (see below) to remove the infection.

If your PC is infected by the TDSSserv Trojan, then I hope this information saves you some time and effort.

I wrote about some of the symptoms of the TDSSserv Trojan infection yesterday, so see that post if you think your PC may have the same problems.

If you read that post, I should add, that sadly I later found that the AVG removal tool had not completely removed the TDSSserv infection.

MalawareBytes anti malware software

After searching the Internet, I tried at least 5 different anti virus and trojan removal tools including the MalawareBytes anti malware software.

Running scan after scan, none of the tools could detect the trojan apart from MalawareBytes.  The problem was, even that did not properly delete the infection.

The problem was that the TDSSserv Trojan kept blocking the update of the various anti virus systems, including MalawareBytes.

How I eventually deleted the TDSSserv Trojan

1) As MalawareBytes seemed the most promising, I rebooted the PC into safe mode with network support.  You do this by pressing the F8 key repeatedly during the boot process.

A list of options is displayed on the screen, so you select Safe mode with network support.  This then loads Windows up in safe mode and allows you to connect to the Internet.

2)
I ran MalawareBytes update and could finally get it to connect to their update site as the trojan wasn’t blocking it in safe mode.

3) Once MalawareBytes had the updated definitions database, I then ran the MalawareBytes full scan.

4) The full scan took about 45 minutes but found 14 infected objects, which were then deleted.

5) I then rebooted the PC as normal and immediately ran the MalawareBytes full scan again before loading any other apps.

6) This scan did not find any infections.  I could use Firefox properly again and the infection was finally cured, after 8 hours of frustrating and hard work.

What about ZoneAlarm?

I had a paid for ZoneAlarm and had kept it fully updated, yet it failed badly.  It did not detect the TDSSserv Trojan and could not delete it.

If ZoneAlarm had done its job properly, I would have avoided those 8 hours of wasted time yesterday. ZoneAlarm is toast, as far as I’m concerned.

Sadly the AVG anti virus software did not delete the TDSSserv Trojan fully either, although I am now using their software in conjunction with MalawareBytes.

So MalawareBytes saved the day

So if your PC is infected by the TDSSserv Trojan, or, ideally, you want to prevent an infection, I whole heartedly recommend MalawareBytes anti malware software.

It is free to scan and delete malware, however it costs a small amount to have it running as a protection service.  It is more than worth it for the hassle which would have been prevented yesterday, so I have bought the full version.

Add Comment